lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20140821.173339.1409243624518012670.davem@davemloft.net>
Date:	Thu, 21 Aug 2014 17:33:39 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	jiri@...nulli.us
Cc:	netdev@...r.kernel.org, kuznet@....inr.ac.ru, jmorris@...ei.org,
	yoshfuji@...ux-ipv6.org, stephen@...workplumber.org,
	cwang@...pensource.com, pshelar@...ira.com,
	nicolas.dichtel@...nd.com, therbert@...gle.com,
	dborkman@...hat.com, edumazet@...gle.com
Subject: Re: [patch net-next 1/3] net: propagate sock pointer through
 netfilter hooks

From: Jiri Pirko <jiri@...nulli.us>
Date: Fri, 15 Aug 2014 20:32:54 +0200

> When output function (ip6_finish_output2 for example) needs to be called
> with sock pointer, we need to push sock pointer through the netfilter
> hooks. This patch does that.
> 
> Signed-off-by: Jiri Pirko <jiri@...nulli.us>

Ok, I'm going to admit that I am having second thoughts about this
approach.  This is a quite large set of churn to fix this bug.

However, in the same breath, I can't come up with a simpler way to
propagate this information without the really unacceptable overhead of
adding another sk_buff member.

And even if we found some simple way to deal with that sk_mc_loop()
test, ipv6 has other demons in this area.

For example, look at what ip6_fragment() does, it also assumes skb->sk
is an inet6 socket.

	struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
 ...
	if (np && np->frag_size < mtu) {
		if (np->frag_size)
			mtu = np->frag_size;
	}

The rest of the skb->sk usage in these place is fine, as they are
simply propagating socket ownership from one packet to another, rather
than doing protocol specific things with them.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ